Cisco Cisco FirePOWER Appliance 7010
25-25
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding FTP and Telnet Traffic
You can combine the syntax in the table above as needed to create parameter validation statements that
correctly validate each FTP command where you need to validate traffic.
correctly validate each FTP command where you need to validate traffic.
Note
When you include a complex expression in a TYPE command, surround it by spaces. Also, surround
each operand within the expression by spaces. For example, type
each operand within the expression by spaces. For example, type
char A | B
, not
char A|B
.
Configuring Server-Level FTP Options
License:
Protection
You can configure several options at the server level. For each FTP server you add, you can specify the
ports to be monitored, the commands to validate, the default maximum parameter length for commands,
alternate parameter lengths for specific commands, and validation syntax for particular commands. You
can also choose whether to check for string format attacks and telnet commands on the FTP channel and
whether to print configuration information with each command. For additional information on
server-level FTP options, see
ports to be monitored, the commands to validate, the default maximum parameter length for commands,
alternate parameter lengths for specific commands, and validation syntax for particular commands. You
can also choose whether to check for string format attacks and telnet commands on the FTP channel and
whether to print configuration information with each command. For additional information on
server-level FTP options, see
.
To configure server-level FTP options:
Access:
Admin/Intrusion Admin
Step 1
Select
Policies > Intrusion > Intrusion Policy
.
The Intrusion Policy page appears.
Step 2
Click the edit icon (
) next to the policy you want to edit.
If you have unsaved changes in another policy, click
OK
to discard those changes and continue. See
for information on saving unsaved changes in another
policy.
The Policy Information page appears.
Step 3
Click
Advanced Settings
in the navigation panel on the left.
The Advanced Settings page appears.
Step 4
You have two choices, depending on whether
FTP and Telnet Configuration
under Application Layer
Preprocessors is enabled:
•
If the configuration is enabled, click
Edit
.
•
If the configuration is disabled, click
Enabled
, then click
Edit
.
date _datefmt
If
_datefmt
contains
#
, the represented parameter must be a number.
If
_datefmt
contains
C
, the represented parameter must be a character.
If
_datefmt
contains literal strings, the represented parameter must match the
literal string.
string
The represented parameter must be a string.
host_port
The represented parameter must be a valid host port specifier as defined by RFC
959, the File Transfer Protocol specification by the Network Working Group.
959, the File Transfer Protocol specification by the Network Working Group.
Table 25-5
FTP Command Parameters (continued)
If you use...
The following validation occurs...